Update bluemonday to v1.0.15 #16379

Merged
merged 6 commits into from Jul 9, 2021

@6543 6543 commented Jul 8, 2021

as title

and nit: chmod +x contrib/update_dependencies.sh

@6543 6543 added this to the 1.15.0 milestone Jul 8, 2021
6543 added a commit to 6543-forks/gitea that referenced this pull request Jul 8, 2021
@6543 6543 added the backport/done All backports for this PR have been created label Jul 8, 2021
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Jul 8, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 8, 2021

KN4CK3R commented Jul 8, 2021

The failing tests are ok because we expect wrong things and need to change the tests.

1. ```go
   test(
   	"https://www.example.com/foo/?bar=baz&inga=42&quux",
   	`<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`)
   ```

   `<p><a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`
   is not valid html.
   `<p><a href="https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux" rel="nofollow">https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux</a></p>`
   is valid.

2. `...aaa%2Fbbb...` and `...aaa/bbb...` are both valid. As bluemonday switched to the second, we need to switch too.

3. `<p><a href="magnet:?xt=urn%3Abtih%3A5dee65101db281ac9c46344cd6b175cdcadabcde&dn=download" rel="nofollow">magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&amp;dn=download</a></p>`
   Same as 1) because the single `&` is invalid and `:` does not need to be encoded.
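
A check for reviewing changed sanitizer test expectations, as an added example that is not Gitea's or bluemonday's code: it confirms that the old and new `href` serializations quoted in the comment above decode to the same link target. `linkTarget` and `sameTarget` are hypothetical helpers, the new magnet form is reconstructed from the comment's description, and Go's `html.UnescapeString` is assumed as a stand-in for a browser's attribute decoding.

```go
package main

import (
	"fmt"
	"html"
	"net/url"
	"reflect"
	"regexp"
)

// Anchors from the comment above; newMagnet is reconstructed (assumption).
const (
	oldHTTP   = `<a href="https://www.example.com/foo/?bar=baz&inga=42&quux" rel="nofollow">`
	newHTTP   = `<a href="https://www.example.com/foo/?bar=baz&amp;inga=42&amp;quux" rel="nofollow">`
	oldMagnet = `<a href="magnet:?xt=urn%3Abtih%3A5dee65101db281ac9c46344cd6b175cdcadabcde&dn=download" rel="nofollow">`
	newMagnet = `<a href="magnet:?xt=urn:btih:5dee65101db281ac9c46344cd6b175cdcadabcde&amp;dn=download" rel="nofollow">`
)

var hrefRe = regexp.MustCompile(`href="([^"]*)"`)

// linkTarget entity-decodes the first href value and parses it as a URL.
func linkTarget(anchor string) (*url.URL, error) {
	m := hrefRe.FindStringSubmatch(anchor)
	if m == nil {
		return nil, fmt.Errorf("no href in %q", anchor)
	}
	return url.Parse(html.UnescapeString(m[1]))
}

// sameTarget compares scheme, host, path and percent-decoded query values.
func sameTarget(a, b string) (bool, error) {
	ua, err := linkTarget(a)
	if err != nil {
		return false, err
	}
	ub, err := linkTarget(b)
	if err != nil {
		return false, err
	}
	return ua.Scheme == ub.Scheme && ua.Host == ub.Host && ua.Opaque == ub.Opaque &&
		ua.Path == ub.Path && reflect.DeepEqual(ua.Query(), ub.Query()), nil
}

func main() {
	for _, p := range [][2]string{{oldHTTP, newHTTP}, {oldMagnet, newMagnet}} {
		fmt.Println(sameTarget(p[0], p[1]))
	}
}
```

A `false` result for a pair would mean the dependency update changed where the link points, not just how it is escaped.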

6543 added a commit that referenced this pull request Jul 9, 2021
* Update bluemonday to v1.0.15 (#16379)

* Fix TESTS
@codecov-commenter

Codecov Report

Merging #16379 (f69cd21) into main (0393a57) will increase coverage by 1.27%.
The diff coverage is 52.54%.

@@            Coverage Diff             @@
##             main   #16379      +/-   ##
==========================================
+ Coverage   44.24%   45.51%   +1.27%     
==========================================
  Files         695      709      +14     
  Lines       82341    83767    +1426     
==========================================
+ Hits        36429    38127    +1698     
+ Misses      40014    39504     -510     
- Partials     5898     6136     +238     

| Impacted Files | Coverage Δ |
|---|---|
| cmd/convert.go | 0.00% <0.00%> (ø) |
| cmd/dump.go | 0.91% <0.00%> (ø) |
| cmd/dump_repo.go | 0.00% <0.00%> (ø) |
| cmd/generate.go | 0.00% <0.00%> (ø) |
| cmd/hook.go | 0.00% <0.00%> (ø) |
| cmd/migrate.go | 0.00% <0.00%> (ø) |
| cmd/migrate_storage.go | 0.00% <0.00%> (ø) |
| cmd/serv.go | 2.36% <0.00%> (-0.22%) ⬇️ |
| cmd/web.go | 0.00% <0.00%> (ø) |
| cmd/web_letsencrypt.go | 0.00% <ø> (ø) |

... and 278 more


@6543 6543 merged commit 91162bb into go-gitea:main Jul 9, 2021
@6543 6543 deleted the update-bluemonday branch July 9, 2021 01:30
@richmahn richmahn modified the milestones: 1.15.0, 1.14.5 Jul 9, 2021
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jul 15, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
* update github.com/microcosm-cc/bluemonday

* add exec flag to contrib/update_dependencies.sh

* Fix TESTS
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Labels
* backport/done: All backports for this PR have been created
* lgtm/done: This PR has enough approvals to get merged. There are no important open reservations anymore.
* topic/security: Something leaks user information or is otherwise vulnerable. Should be fixed!
* type/bug